search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
libads: Pass "required_flags" through ads_cldap_netlogon_5()
[samba4-gss.git] / source3 / libads / cldap.c
blobe0789c50dacceefc6ef904b0735cd71ede327a0f
1 /*
2 Samba Unix/Linux SMB client library
3 net ads cldap functions
4 Copyright (C) 2001 Andrew Tridgell (tridge@samba.org)
5 Copyright (C) 2003 Jim McDonough (jmcd@us.ibm.com)
6 Copyright (C) 2008 Guenther Deschner (gd@samba.org)
7 Copyright (C) 2009 Stefan Metzmacher (metze@samba.org)
8
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 3 of the License, or
12 (at your option) any later version.
13
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
18
19 You should have received a copy of the GNU General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
21 */
22
23 #include "includes.h"
24 #include "../libcli/cldap/cldap.h"
25 #include "../librpc/gen_ndr/ndr_netlogon.h"
26 #include "../lib/tsocket/tsocket.h"
27 #include "../lib/util/tevent_ntstatus.h"
28 #include "libads/cldap.h"
29 #include "libads/netlogon_ping.h"
30
31 /****************************************************************
32 ****************************************************************/
33
34 #define RETURN_ON_FALSE(x) if (!(x)) return false;
35
36 bool check_cldap_reply_required_flags(uint32_t ret_flags,
37 uint32_t req_flags)
38 {
39 if (req_flags == 0) {
40 return true;
41 }
42
43 if (req_flags & DS_PDC_REQUIRED)
44 RETURN_ON_FALSE(ret_flags & NBT_SERVER_PDC);
45
46 if (req_flags & DS_GC_SERVER_REQUIRED)
47 RETURN_ON_FALSE(ret_flags & NBT_SERVER_GC);
48
49 if (req_flags & DS_ONLY_LDAP_NEEDED)
50 RETURN_ON_FALSE(ret_flags & NBT_SERVER_LDAP);
51
52 if ((req_flags & DS_DIRECTORY_SERVICE_REQUIRED) ||
53 (req_flags & DS_DIRECTORY_SERVICE_PREFERRED))
54 RETURN_ON_FALSE(ret_flags & NBT_SERVER_DS);
55
56 if (req_flags & DS_KDC_REQUIRED)
57 RETURN_ON_FALSE(ret_flags & NBT_SERVER_KDC);
58
59 if (req_flags & DS_TIMESERV_REQUIRED)
60 RETURN_ON_FALSE(ret_flags & NBT_SERVER_TIMESERV);
61
62 if (req_flags & DS_WEB_SERVICE_REQUIRED)
63 RETURN_ON_FALSE(ret_flags & NBT_SERVER_ADS_WEB_SERVICE);
64
65 if (req_flags & DS_WRITABLE_REQUIRED)
66 RETURN_ON_FALSE(ret_flags & NBT_SERVER_WRITABLE);
67
68 if (req_flags & DS_DIRECTORY_SERVICE_6_REQUIRED)
69 RETURN_ON_FALSE(ret_flags & (NBT_SERVER_SELECT_SECRET_DOMAIN_6
70 |NBT_SERVER_FULL_SECRET_DOMAIN_6));
71
72 if (req_flags & DS_DIRECTORY_SERVICE_8_REQUIRED)
73 RETURN_ON_FALSE(ret_flags & NBT_SERVER_DS_8);
74
75 if (req_flags & DS_DIRECTORY_SERVICE_9_REQUIRED)
76 RETURN_ON_FALSE(ret_flags & NBT_SERVER_DS_9);
77
78 if (req_flags & DS_DIRECTORY_SERVICE_10_REQUIRED)
79 RETURN_ON_FALSE(ret_flags & NBT_SERVER_DS_10);
80
81 return true;
82 }
83
84 /*******************************************************************
85 do a cldap netlogon query. Always 389/udp
86 *******************************************************************/
87
88 static bool ads_cldap_netlogon(TALLOC_CTX *mem_ctx,
89 struct sockaddr_storage *ss,
90 const char *realm,
91 uint32_t nt_version,
92 uint32_t required_flags,
93 struct netlogon_samlogon_response **_reply)
94 {
95 NTSTATUS status;
96 char addrstr[INET6_ADDRSTRLEN];
97 const char *dest_str;
98 struct tsocket_address *dest_addr;
99 struct netlogon_samlogon_response **responses = NULL;
100 int ret;
101
102 dest_str = print_sockaddr(addrstr, sizeof(addrstr), ss);
103
104 ret = tsocket_address_inet_from_strings(mem_ctx, "ip",
105 dest_str, LDAP_PORT,
106 &dest_addr);
107 if (ret != 0) {
108 status = map_nt_error_from_unix(errno);
109 DEBUG(2,("Failed to create cldap tsocket_address for %s - %s\n",
110 dest_str, nt_errstr(status)));
111 return false;
112 }
113
114 status = netlogon_pings(
115 talloc_tos(), /* mem_ctx */
116 lp_client_netlogon_ping_protocol(), /*proto */
117 &dest_addr, /* servers */
118 1, /* num_servers */
119 (struct netlogon_ping_filter) {
120 .ntversion = nt_version,
121 .domain = realm,
122 .acct_ctrl = -1,
123 .required_flags = required_flags,
124 },
125 1, /* min_servers */
126 timeval_current_ofs(MAX(3, lp_ldap_timeout() / 2), 0),
127 &responses);
128 if (!NT_STATUS_IS_OK(status)) {
129 DBG_NOTICE("netlogon_pings failed: %s\n", nt_errstr(status));
130 return false;
131 }
132 if (responses == NULL || responses[0] == NULL) {
133 DBG_NOTICE("did not get a reply\n");
134 TALLOC_FREE(responses);
135 return false;
136 }
137 *_reply = talloc_move(mem_ctx, &responses[0]);
138
139 return true;
140 }
141
142 /*******************************************************************
143 do a cldap netlogon query. Always 389/udp
144 *******************************************************************/
145
146 bool ads_cldap_netlogon_5(TALLOC_CTX *mem_ctx,
147 struct sockaddr_storage *ss,
148 const char *realm,
149 uint32_t required_flags,
150 struct NETLOGON_SAM_LOGON_RESPONSE_EX *reply5)
151 {
152 uint32_t nt_version = NETLOGON_NT_VERSION_5 | NETLOGON_NT_VERSION_5EX;
153 struct netlogon_samlogon_response *reply = NULL;
154 bool ret;
155
156 ret = ads_cldap_netlogon(
157 mem_ctx, ss, realm, nt_version, required_flags, &reply);
158 if (!ret) {
159 return false;
160 }
161
162 if (reply->ntver != NETLOGON_NT_VERSION_5EX) {
163 DEBUG(0,("ads_cldap_netlogon_5: nt_version mismatch: 0x%08x\n",
164 reply->ntver));
165 return false;
166 }
167
168 *reply5 = reply->data.nt5_ex;
169
170 return true;
171 }
GSS-enabled samba4